Nmap Development mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Tue, 22 Mar 2011 21:17:39 +0200
This thing is cool! It fails unless you are root, for understandable reasons. Do we have some kind of policy for scripts that require root? I think there should be a way for scripts to report this to nmap, and nmap should probably abort the scan if the user has requested root features while being nonroot. I am not sure if this is possible at the moment.

I am not sure I understand the big picture. It would be useful for the final version to take a filter argument that is used to filter out noise. Maybe we want to scan all services that one host is accessing, or maybe we want to scan all hosts that are accessing some service.

I think there are some standard languages for defining such packet filtering. We should probably implement them in a library rather than each script specifically. What filtering languages do we want to use? Do we already have support for one of them?

On Tue, Mar 22, 2011 at 8:44 PM, Nick Nikolaou <nikolasnikolaou1 () gmail com> wrote:
Hello everyone,

Attached is a draft of a targets-sniffer script. The script sniffs for a configured amount of time and adds addresses from packets it sees in newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)

The script still needs work but I was hoping to get some feedback from the list.

Example usage:

    nmap -sL --script targets-sniffer.nse --script-args=newtargets

This will perform a list scan on the IP addresses it sniffs, ignoring duplicates and broadcasts. (You can use -d to see the IP addresses as they are sniffed)

*Issues that need to be resolved:*

1) The sniffing interface is hard-coded at the moment. Is there a way to get the active interface in a prerule script? Alternatively I could change the rule to a hostrule. (and maybe a high enough runlevel to ensure the script runs first?)

2) The pcap socket doesn't time out. The only way I got it to time out was to set the timeout value to <=1s. Even then if it sniffed a packet it wouldn't time out. I ended up using a temporary nmap.clock() based solution in order to test the script.

3) I'm not really happy with the way the script extracts the IP addresses from the packets at the moment.

4) Any other issues you find.

Thanks for any feedback.

Nick

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
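The address-extraction step discussed in this thread (pull IP addresses out of sniffed packets, skip duplicates and broadcasts), as an added example in Python. It is not the attached NSE script, which is not shown on this page; the function names, the `local_net` parameter and the sample frames are assumptions made for the illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def ipv4_endpoints(frame):
    """Return (src, dst) from an Ethernet II + IPv4 frame, or None if it is not one."""
    if len(frame) < 14 + 20:                      # truncated capture
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:               # ARP, IPv6, VLAN tags: not handled here
        return None
    if frame[14] >> 4 != 4 or (frame[14] & 0x0F) < 5:
        return None                               # bad version or header length
    src, dst = struct.unpack_from("!4s4s", frame, 14 + 12)
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def is_candidate(addr, net):
    """Reject addresses that never identify a single scannable host."""
    if addr.is_unspecified or addr.is_multicast or addr == LIMITED_BROADCAST:
        return False
    return addr != net.broadcast_address          # directed broadcast of the local subnet

def collect_targets(frames, local_net):
    """Unique candidate addresses in first-seen order."""
    net = ipaddress.ip_network(local_net)
    seen, targets = set(), []
    for frame in frames:
        for addr in ipv4_endpoints(frame) or ():
            if addr not in seen and is_candidate(addr, net):
                seen.add(addr)
                targets.append(str(addr))
    return targets

def make_frame(src, dst, ethertype=ETHERTYPE_IPV4):
    """Build a constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip

# Constructed sample traffic (documentation range 192.0.2.0/24), not a real capture.
SAMPLE_FRAMES = [
    make_frame("192.0.2.10", "192.0.2.1"),
    make_frame("192.0.2.10", "192.0.2.255"),       # subnet broadcast
    make_frame("192.0.2.20", "255.255.255.255"),   # limited broadcast
    make_frame("192.0.2.30", "224.0.0.251"),       # multicast
    make_frame("0.0.0.0", "255.255.255.255"),      # unconfigured client
    make_frame("192.0.2.40", "192.0.2.1", ethertype=0x0806),  # non-IPv4 ethertype
    b"\x00" * 10,                                  # truncated frame
]

if __name__ == "__main__":
    print(collect_targets(SAMPLE_FRAMES, "192.0.2.0/24"))
```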